Slackware ships with vanilla upstream packages as much as possible. No security patches will be included until they are in in the stock kernel on www.kernel.org. Hardcore Unix administrators have to judge for themselves what kind of security patches they deem worthwile and apply them. Remember, not every security related change is actually an improvement. There's an interesting thread on Slashdot about Slackware not using PAM.

What kind of security features do you think I'm talking about? I'm talking about patches that almost eliminate all sorts of memory corruptions like buffer overflows, stack overflow, stack smashing, race conditions, ipc vulnerabilities etc.

This isn't a judgment call, this is a necessity if you don't want your network to be hacked! I'm talking about reasonable default access control lists for Slackware that enable chroot restrictions and address space modifications. These are mandatory if you run a server. You don't have any of those, you are not secure, and you can be hacked, period!

As for PAM it is only a superficial security barrier, even PAM needs to be patched with PaX to be somewhat safe and of course correctly configured.